Column: The Distributed Douchebag Attack

Law and technology can interact in funny ways. Take the Digital Millennium Copyright Act, which allows for those hosting material on the Internet to avoid liability for copyright infringement if they comply with requests to take down copyrighted material quickly. It motivates companies hosting material, like YouTube or Flickr, to streamline the process. Increasingly, rights holders are automating their side too, potentially leaving two scripts talking to each other to determine the destiny of media. But plenty of requests that come through aren’t valid, or are aimed at legal content. Chillingeffects.org maintains a database of requests, sensible and not, including one from 2012 where HBO attempted to take down access to its own site.

Ah, scripts. This is where it gets fun—a recipe for legal chaos.

The first ingredient is a Markov chain. This is a mathematical method to build elements out of a random but conditional process. They’re good for building plausible text when properly seeded with something like the Chilling Effects database, with its thousands of legal letters. Combined with a few reasonable templates, an offshore server, and a bit of web crawling, an ambitiously foolish programmer could DMCA takedown All The Things.

The burden to prove the legality of the material is on the person who uploaded it, who can also file a counter-notice to the takedown request. This part requires a human, meaning it doesn’t scale very well, at least not compared to our litigious (though bluffing) automated systems.

It’s hard to predict how many would get through, but with enough automation, such legalistic spam could still put a dent in human expression. It’s an attack built into the law, enabled by technology. I call it the Distributed Douchebag Attack, and while it’s definitely inadvisable, possibly illegal, and plainly reprehensible, it’s a reminder that law can be hacked, too.